<!--#include file="../../const.asp" -->
<!--#include file="../../p_conn.asp" -->
<!--#include file="../../common/Function.asp" -->
<!--#include file="../../common/library.asp" -->
<!--#include file="../../common/cache.asp" -->
<!--#include file="../../common/checkUser.asp" -->
<!--#include file="../../common/ModSet.asp" -->
<%
'=====================================
'  留言插件信息处理页面
'    更新时间: 2005-10-24
'=====================================
%>
<%
' Guestbook plugin settings, loaded once per request from the "GuestBookForPJBlog" module set.
Dim GBSet,charCount,delay,OpenState,canDel,canchange,CanGuest,canchinese
Set GBSet=New ModSet
GBSet.open("GuestBookForPJBlog")

' A PasreError of -18903 is reported to the visitor as "plugin not installed".
' NOTE(review): nothing here stops the page after showmsg; the code below still runs unless
' showmsg itself ends the response. Confirm in the include that defines showmsg.
If GBSet.PasreError=-18903 Then
	showmsg "错误信息","留言本插件没有安装<br/><a href=""javascript:history.go(-1)"">单击返回</a>","MessageIcon","plugins"
End If

charCount=GBSet.getKeyValue("charCount")
delay=GBSet.getKeyValue("delay")
OpenState=GBSet.getKeyValue("OpenState")
canDel=GBSet.getKeyValue("canDel")
canchange=GBSet.getKeyValue("canchange")
CanGuest=GBSet.getKeyValue("CanGuest")
canchinese=GBSet.getKeyValue("Canchinese")

' Guestbook switched off by the administrator.
If Not CBool(OpenState) Then
	showmsg "错误信息","留言本暂时关闭！<br/><a href=""default.asp"">单击返回首页</a>","WarningIcon","plugins"
End If

' Dispatch on the "action" value. The checks alternate between the form body and the
' query string, and the first match wins, so their order is significant.
' NOTE(review): "del" and "delreply" are read from the query string, so these two state
' changes are reachable with a plain GET; no anti-forgery token is checked in this file.
If Request.Form("action")="post" Then
	postMsg          ' post a new message
ElseIf Request.QueryString("action")="del" Then
	delMsg           ' delete a message
ElseIf Request.Form("action")="reply" Then
	replyMsg         ' reply to a message
ElseIf Request.QueryString("action")="delreply" Then
	delreplyMsg      ' delete a reply
ElseIf Request.Form("action")="EditMsg" Then
	EditMsg          ' edit a message
Else
	showmsg "错误信息","非法操作！<br/><a href=""javascript:history.go(-1)"">单击返回</a>","ErrorIcon","plugins"
End If

'============================= 发表留言 ========================================
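Function postMsg
	' Handles action=post: validates a submitted guestbook message, inserts it into
	' blog_book, bumps the message counters, optionally e-mails the blog owner, and
	' refreshes the cached message list.
	'
	' Reads from the request: username, password, book_face, validate, hiddenMsg, Message,
	' myblogemail, myblogsiteurl. Uses memName / stat_Admin / blog_validate from the includes.
	'
	' NOTE(review): every statement below is built by string concatenation. CheckStr is
	' defined in an include, so whether it neutralises quotes for SQL cannot be confirmed
	' from this file. Values that do not pass through CheckStr (memName, getIP(), columns
	' read back from blog_Member) have their single quotes doubled before use.
	Dim username,post_Message,validate,hiddenreply,face,SQLMem,email,tsiteURL
	Dim password,LastMSG,FlowControl
	username=trim(CheckStr(request.form("username")))
	password=trim(CheckStr(request.form("password")))
	face=CheckStr(request.form("book_face"))
	If face=empty Then face="face1"
	If stat_Admin Then face="face"
	validate=trim(request.form("validate"))
	hiddenreply=request.form("hiddenMsg")
	post_Message=CheckStr(request.form("Message"))

	If memName=Empty Then
		' Guest: contact details come from the form.
		email=trim(CheckStr(request.form("myblogemail")))
		tsiteURL=trim(CheckStr(request.form("myblogsiteurl")))
	Else
		' Member: contact details come from the member record. They are only used in the
		' INSERT below, so quotes are doubled here; a missing row yields empty values.
		Set SQLMem=conn.Execute("Select mem_Email,mem_HomePage FROM blog_Member Where mem_Name='"&Replace(memName,"'","''")&"'")
		If SQLMem.EOF Then
			email=""
			tsiteURL=""
		Else
			email=Replace(SQLMem("mem_Email") & "","'","''")
			tsiteURL=Replace(SQLMem("mem_HomePage") & "","'","''")
		End If
		SQLMem.Close
		Set SQLMem=Nothing
	End If

	' Flood control: flag a message identical to the most recent stored one.
	FlowControl=false
	Set LastMSG=conn.execute("select top 1 book_Content from blog_book order by book_ID desc")
	If Not LastMSG.eof Then
		If LastMSG("book_Content")=post_Message Then FlowControl=true
	End If
	LastMSG.Close
	Set LastMSG=Nothing

	If memName=empty And email<>"" And IsValidEmail(email)=false Then
		showmsg "留言发表错误信息","<b>邮箱格式错误</b><br/><a href=""javascript:history.go(-1);"">返回</a>","WarningIcon","plugins"
		Exit Function
	End If

	If memName=empty And tsiteURL<>"" And tsiteURL<>"http://" And IsRightUrl(tsiteURL)=false Then
		showmsg "留言发表错误信息","<b>网址格式错误</b><br/><a href=""javascript:history.go(-1);"">返回</a>","WarningIcon","plugins"
		Exit Function
	End If

	' Spam filters (administrators are exempt).
	If regFilterSpam(post_Message,"../../reg.xml") And stat_Admin=false Then
		showmsg "留言发表错误信息","<b>留言中包含被屏蔽的字符</b><br/><a href=""javascript:history.go(-1);"">返回</a>","WarningIcon","plugins"
		Exit Function
	End If

	If filterSpam(post_Message,"../../spam.xml") And stat_Admin=false Then
		showmsg "留言发表错误信息","<b>留言中包含被屏蔽的字符</b><br/><a href=""javascript:history.go(-1);"">返回</a>","WarningIcon","plugins"
		Exit Function
	End If

	' A message may not start with a carriage return.
	If Left(trim(post_Message),1)= Chr(13) And stat_Admin=false Then
		showmsg "留言发表错误信息","<b>留言内容首字符禁止为回车</b><br/><a href=""javascript:history.go(-1);"">返回</a>","WarningIcon","plugins"
		Exit Function
	End If

	' Optional rule: the message must contain at least one character in U+4E00..U+9FA0.
	If Not stat_Admin And canchinese=1 Then
		Dim china,hasChinese
		Set china=new RegExp
		china.IgnoreCase =True
		china.Global=True
		china.Pattern="[\u4E00-\u9FA0]"
		hasChinese=china.Test(post_Message)
		Set china=Nothing
		If Not hasChinese And stat_Admin=false Then
			showmsg "留言发表错误信息","<b>留言内容居然没任何中文!</b><br><b>小丫呢，你好懒啊？恶意灌水？</b><br/><a href=""javascript:history.go(-1);"">请返回重新输入</a>","WarningIcon","plugins"
			Exit Function
		End If
	End If

	If FlowControl And Not stat_Admin Then
		showmsg "留言发表错误信息","<b>禁止恶意灌水！</b><br/><a href=""javascript:history.go(-1);"">返回</a>","WarningIcon","plugins"
		Exit Function
	End If

	' Minimum delay between posts.
	' NOTE(review): the last-post time is read from a cookie, which the client controls, so
	' this limit is advisory only; enforcing it needs a server-side record of the last post.
	If DateDiff("s",Request.Cookies(CookieName)("bookLastPost"),DateToStr(now(),"Y-m-d H:I:S"))<int(delay) And Not stat_Admin Then
		showmsg "留言发表错误信息","<b>发言太快,请 "&delay&" 秒后再发表留言</b><br/><a href=""javascript:history.go(-1);"">返回</a>","WarningIcon","plugins"
		Exit Function
	End If

	If len(username)<1 Then
		showmsg "留言发表错误信息","<b>请输入你的昵称.</b><br/><a href=""javascript:history.go(-1);"">返回</a>","ErrorIcon","plugins"
		Exit Function
	End If

	' CAPTCHA: required for guests, and for members when blog_validate is on.
	If Not stat_Admin And (memName=empty or blog_validate=true) and (cstr(lcase(Session("GetCode")))<>cstr(lcase(validate)) or IsEmpty(Session("GetCode"))) Then
		showmsg "留言发表错误信息","<b>验证码有误，请返回重新输入</b><br/><a href=""javascript:history.go(-1);"">请返回重新输入</a>","ErrorIcon","plugins"
		Exit Function
	End If

	' Guest posting disabled. The original had no Exit Function here, so the insert below
	' depended on showmsg ending the request; leave explicitly like every other guard.
	If CanGuest=0 And memName=empty Then
		showmsg "留言发表错误信息","<b>管理员关闭了游客留言的权限!!!</b><br/><a href=""javascript:history.go(-1);"">请返回</a>","ErrorIcon","plugins"
		Exit Function
	End If

	Dim checkMem,nameTaken
	If memName=empty Then
		If len(password)>0 Then
			' Inline login attempt with the submitted credentials.
			' NOTE(review): success is inferred from the memName cookie, which a client can
			' also send itself, and login()'s return value is ignored. Prefer deciding on the
			' return value once its contract is confirmed.
			Dim loginUser
			loginUser=login(Request.Form("username"),Request.Form("password"))
			If Not request.Cookies(CookieName)("memName")=username Then
				showmsg "留言发表错误信息","<b>登录失败，请检查用户名和密码</b><br/><a href=""javascript:history.go(-1);"">单击返回</a>","WarningIcon","plugins"
				Exit Function
			End If
		Else
			' A guest may not post under the name of a registered member.
			Set checkMem=Conn.ExeCute("select * from blog_Member where mem_Name='"&username&"'")
			nameTaken=Not checkMem.eof
			checkMem.Close
			Set checkMem=Nothing
			If nameTaken Then
				showmsg "留言发表错误信息","<b>该用户已经存在，无法发表留言</b><br/><a href=""javascript:history.go(-1);"">单击返回</a>","WarningIcon","plugins"
				Exit Function
			End If
		End If
	End If

	If len(post_Message)<1 Then
		showmsg "留言发表错误信息","<b>不允许发表空留言信息</b><br/><a href=""javascript:history.go(-1);"">单击返回</a>","WarningIcon","plugins"
		Exit Function
	End If

	If len(post_Message)>int(charCount) And Not stat_Admin Then
		showmsg "留言发表错误信息","留言超过最大字数限制<br/><a href=""javascript:history.go(-1);"">单击返回</a>","ErrorIcon","plugins"
		Exit Function
	End If

	' The hidden flag becomes a Boolean, so the raw form value never reaches the SQL text.
	If hiddenreply=1 Then hiddenreply=true Else hiddenreply=false
	If memName=empty And hiddenreply Then
		showmsg "留言发表错误信息","必须登录才可以发表隐藏留言<br/><a href=""javascript:history.go(-1);"">单击返回</a>","ErrorIcon","plugins"
		Exit Function
	End If

	' Store the message and update the counters.
	Conn.ExeCute("Insert INTO blog_book(book_Messager,book_face,book_IP,book_Content,book_HiddenReply,book_email,book_siteurl) VALUES ('"&username&"','"&face&"','"&Replace(getIP() & "","'","''")&"','"&post_Message&"',"&hiddenreply&",'"&email&"','"&tsiteURL&"')")
	Conn.ExeCute("update blog_Info Set blog_MessageNums=blog_MessageNums+1")
	If userName<>empty Then
		Conn.Execute("update blog_Member Set mem_PostMessageNums=mem_PostMessageNums+1 where mem_Name='"&userName&"'")
	End If
	Response.Cookies(CookieName)("bookLastPost")=DateToStr(now(),"Y-m-d H:I:S")

	' E-mail notification to the blog owner.
	If blog_Isjmail Then
		Dim SQLcomm, log_commcomm
		SQLcomm="Select TOP 1 * FROM blog_book Where book_Messager='"&username&"' order By book_ID Desc "
		Dim email_bookid
		Set log_commcomm=conn.execute(SQLcomm)
		email_bookid=log_commcomm("book_ID")
		log_commcomm.Close
		Set log_commcomm=Nothing
		Dim emailcontent,emailtitle
		emailtitle = "您的博客有新的留言！"
		' NOTE(review): username and the message are placed into an HTML mail body; what
		' DelQuote strips is defined in an include, so confirm it is safe for HTML mail.
		emailcontent = " 访客 <strong>"&username&"</strong> 在您的博客中发表了如下留言：<div style=""margin:10px 0px;padding:10px;width:400px;border:1px solid #999;border-bottom-left-radius:4px 4px;border-bottom-right-radius:4px 4px;border-top-left-radius:4px 4px;border-top-right-radius:4px 4px;color:#574D31;background:#F0ECD0;""><strong>"&username&"</strong>："&DelQuote(post_Message)&"。</div><a href="""&siteURL&"LoadMod.asp?plugins=GuestBookForPJBlog#book_"&email_bookid&"""  target=""_blank"">详情请点击查看</a>"
		call sendmail(blog_email,emailtitle,emailcontent,sitename)
	End If

	getInfo(2)
	EmptyEtag
	SQLQueryNums=SQLQueryNums+3
	reloadMsg

	' Guests without a password, administrators, and sites with both edit and delete
	' disabled get the short confirmation; everyone else is told about the edit window.
	If memName=empty And len(password)<1 Or (canDel<>1 And canchange<>1) Or stat_Admin Then
		showmsg "留言发表信息","<b>你成功地发表了留言</b><br><a href=""LoadMod.asp?plugins=GuestBookForPJBlog"">单击返回留言本</a>","MessageIcon","plugins" 
	Else
		showmsg "留言发表信息","<b>你成功地发表了留言</b><br/>且可以在<font color=red>" & GBSet.getKeyValue("ChangeTime") & "分钟内</font>再次编辑或删除<br><a href=""LoadMod.asp?plugins=GuestBookForPJBlog"">单击返回留言本</a>","MessageIcon","plugins" 
	End If
End Function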

'==================================== 删除留言 ===============================================
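Function delMsg
	' Handles action=del: deletes one guestbook message (query-string parameter "id").
	' Allowed for a logged-in administrator, or for the logged-in member whose name matches
	' the stored book_Messager while the plugin's canDel / ChangeTime settings permit it.
	'
	' Changes from the original:
	'   * "id" is checked with IsInteger before it is concatenated into SQL. It is used
	'     unquoted, so quote handling in CheckStr would not constrain it.
	'     (assumes IsInteger accepts only whole-number strings; it is defined in an include)
	'   * every refusal leaves the function instead of relying on showmsg ending the
	'     request, so a refused request can never reach the DELETE.
	'   * the owner match requires a non-empty memName.
	'   * the stored poster name has its quotes doubled before reuse in SQL.
	' NOTE(review): this state change is triggered by a GET and no anti-forgery token is
	' checked in this file.
	Dim book_ID,bookDB,PostMessager,isAdmin
	book_ID=CheckStr(request.QueryString("id"))

	If book_ID=Empty Then
		showmsg "错误信息","非法操作<br/><a href=""javascript:history.go(-1)"">单击返回</a>","WarningIcon","plugins"
		Exit Function
	End If

	If IsInteger(book_ID)=False Then
		showmsg "错误信息","非法操作<br/><a href=""javascript:history.go(-1)"">单击返回</a>","WarningIcon","plugins"
		Exit Function
	End If

	Set bookDB=Conn.ExeCute("select * from blog_book where book_ID="&book_ID)

	If bookDB.eof Or bookDB.bof Then
		showmsg "错误信息","<b>不存在此留言,或该评论已经被删除!</b><br/><a href=""javascript:history.go(-1);"">单击返回</a>","ErrorIcon","plugins"
		Exit Function
	End If

	' Minutes elapsed since the message was posted.
	Dim changetime_1
	changetime_1=Int(DateDiff("n",DateToStr(bookDB("book_PostTime"),"Y-m-d H:I:S"),DateToStr(now,"Y-m-d H:I:S")))
	PostMessager=bookDB("book_Messager")
	bookDB.Close
	Set bookDB=Nothing

	isAdmin=(memName<>Empty And stat_Admin)

	' Non-administrators may delete only within the configured time window.
	If (CInt(GBSet.getKeyValue("canDel"))=1 And (Int(GBSet.getKeyValue("ChangeTime")) < changetime_1)) And Not isAdmin Then
		showmsg "错误信息","删除留言有 " & GBSet.getKeyValue("ChangeTime") & " 分钟时间限制<br>目前超过 "& ztime(changetime_1 - GBSet.getKeyValue("ChangeTime")) &"<br><a href=""javascript:history.go(-1)"">单击返回</a>","WarningIcon","plugins"
		Exit Function
	End If

	' User deletion switched off by the administrator.
	If CInt(GBSet.getKeyValue("canDel"))=0 And Not isAdmin Then
		showmsg "错误信息","管理员关闭了用户删除留言功能<br>请不要越权操作!!!<br><a href=""javascript:history.go(-1)"">单击返回</a>","WarningIcon","plugins"
		Exit Function
	End If

	If isAdmin Or (memName<>Empty And Lcase(PostMessager & "")=Lcase(memName)) Then
		Conn.ExeCute("DELETE * FROM blog_book WHERE book_ID="&book_ID)
		Conn.ExeCute("update blog_Info Set blog_MessageNums=blog_MessageNums-1")
		Conn.Execute("update blog_Member Set mem_PostMessageNums=mem_PostMessageNums-1 where mem_Name='"&Replace(PostMessager & "","'","''")&"'")
		getInfo(2)
		reloadMsg
		showmsg "留言删除成功","<b>留言已经被删除成功!</b><br/><a href=""LoadMod.asp?plugins=GuestBookForPJBlog"">单击返回</a>","MessageIcon","plugins"
	Else
		showmsg "错误信息","<b>你没有权限删除该留言</b><br/><a href=""javascript:history.go(-1);"">单击返回</a>","ErrorIcon","plugins"
	End If
	EmptyEtag
End Function 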

'==================================== 删除留言回复 ===============================================
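Function delreplyMsg
	' Handles action=delreply: blanks the reply text and reply author of one message
	' (query-string parameter "ID") and stamps book_replyTime with the current time.
	' Administrator only.
	'
	' Change from the original: each refusal now leaves the function. Previously the UPDATE
	' at the end was reached after a failed permission or id check unless showmsg itself
	' ended the request, and the id is concatenated unquoted.
	' NOTE(review): this state change is triggered by a GET and no anti-forgery token is
	' checked in this file.
	Dim MsgID_1
	MsgID_1 = CheckStr(Request.QueryString("ID"))

	If Not (memName<>empty And stat_Admin) Then
		showmsg "错误信息","你没有权限删除回复<br/><a href=""javascript:history.go(-1)"">单击返回</a>","WarningIcon","plugins"
		Exit Function
	End If

	If MsgID_1=Empty Then 
		showmsg "错误信息","非法操作<br/><a href=""javascript:history.go(-1)"">单击返回</a>","WarningIcon","plugins" 
		Exit Function
	End If

	' The id is used unquoted in the UPDATE, so it must be numeric.
	If IsInteger(MsgID_1)=False Then 
		showmsg "错误信息","非法操作<br/><a href=""javascript:history.go(-1)"">单击返回</a>","WarningIcon","plugins" 
		Exit Function
	End If

	Conn.ExeCute("update blog_book Set book_reply='',book_replyAuthor='',book_replyTime=#"&DateToStr(now(),"Y-m-d H:I:S")&"# where book_ID=" & MsgID_1)
	showmsg "回复信息","删除回复成功!<br/><a href=""LoadMod.asp?plugins=GuestBookForPJBlog"">单击返回留言本</a>","MessageIcon","plugins" 
End Function 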

'==================================== 回复留言 留言 ===============================================
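Function replyMsg
	' Handles action=reply: stores the administrator's reply on one message (form fields
	' "MsgID" and "Message") and, when blog_reply_Isjmail is set, e-mails the original
	' poster if an address was stored with the message.
	'
	' Changes from the original:
	'   * each refusal leaves the function, so the UPDATE cannot run after a failed
	'     permission or id check (the id is concatenated unquoted).
	'   * memName has its quotes doubled before it is placed in SQL.
	'   * the notification lookup tolerates a message id that matches no row.
	Dim MsgReplyContent,MsgID
	MsgID = CheckStr(Request.form("MsgID"))
	MsgReplyContent=CheckStr(request.form("Message"))

	If Not (memName<>empty And stat_Admin) Then
		showmsg "错误信息","你没有权限回复留言<br/><a href=""javascript:history.go(-1)"">单击返回</a>","WarningIcon","plugins"
		Exit Function
	End If

	If MsgID=Empty Then 
		showmsg "错误信息","非法操作！<br/><a href=""javascript:history.go(-1)"">单击返回</a>","WarningIcon","plugins" 
		Exit Function
	End If

	If IsInteger(MsgID)=False Then 
		showmsg "错误信息","非法操作！<br/><a href=""javascript:history.go(-1)"">单击返回</a>","WarningIcon","plugins" 
		Exit Function
	End If

	Conn.ExeCute("update blog_book Set book_reply='"&MsgReplyContent&"',book_replyAuthor='"&Replace(memName,"'","''")&"',book_replyTime=#"&DateToStr(now(),"Y-m-d H:I:S")&"# where book_ID=" & MsgID)

	' E-mail notification to the original poster.
	If blog_reply_Isjmail Then
		Dim SQLcomm, log_commcomm
		SQLcomm="Select TOP 1 * FROM blog_book Where book_ID="&MsgID
		Set log_commcomm=conn.execute(SQLcomm) 
		If Not log_commcomm.EOF Then
			If trim(log_commcomm("book_email"))<>"" Then
				Dim emailcontent,emailtitle
				emailtitle = "您在"&siteName&"上发表的留言已有了新回复！"
				' NOTE(review): stored poster name and content go into an HTML mail body; what
				' DelQuote strips is defined in an include, so confirm it is safe for HTML mail.
				emailcontent = "尊敬的 <strong>"&log_commcomm("book_Messager")&"</strong> ，您好！<br/>您在博客 <strong>"&siteName&"</strong> 上发表的留言<br/>博主 <strong>"&memName&"</strong> 已经有了新的回复，回复内容为： <div style=""margin:10px 0px;padding:10px;width:400px;border:1px solid #999;border-bottom-left-radius:4px 4px;border-bottom-right-radius:4px 4px;border-top-left-radius:4px 4px;border-top-right-radius:4px 4px;color:#574D31;background:#F0ECD0;""><strong>您 </strong>说："&DelQuote(log_commcomm("book_Content"))&"<br/><strong>"&memName&" </strong>回复："&DelQuote(MsgReplyContent)&"<br/><br/><a href="""&siteURL&"LoadMod.asp?plugins=GuestBookForPJBlog#book_"&MsgID&"""  target=""_blank"">详情请点击查看</a></div>谢谢您的留言，欢迎您再次光临本博客！<br/>本邮件系统自动发送，请勿直接回复。"
				call sendmail(log_commcomm("book_email"),emailtitle,emailcontent,log_commcomm("book_Messager"))
			End If
		End If
		log_commcomm.Close
		Set log_commcomm=Nothing
	End If

	showmsg "回复信息","回复留言成功!<br/><a href=""LoadMod.asp?plugins=GuestBookForPJBlog"">单击返回留言本</a>","MessageIcon","plugins" 
End Function 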

'==================================== 编辑留言 ===============================================
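Function EditMsg
	' Handles action=EditMsg: updates the face, IP, content and hidden flag of one message
	' (form fields MsgID, Message, book_face, username, hiddenMsg).
	'
	' Changes from the original:
	'   * MsgID is checked with IsInteger BEFORE the SELECT. The original validated it only
	'     after it had been concatenated, unquoted, into that query.
	'     (assumes IsInteger accepts only whole-number strings; it is defined in an include)
	'   * ownership is decided from memName, the identity established by the includes,
	'     not from the "username" form field. The form field is supplied by the client, so
	'     matching on it let any visitor pass the check by submitting the poster's name.
	'     This mirrors the owner test in delMsg.
	'   * hiddenMsg is reduced to "1" or "0" before it reaches SQL; the original
	'     concatenated the raw form value.
	'     (assumes the form sends 1 for "hidden", as postMsg tests for the same field)
	'   * every refusal leaves the function, and a missing message no longer falls through
	'     to code that reads the empty recordset.
	'   * values read back from the database or from getIP() have quotes doubled.
	Dim editContent,MsgID_1,editface,username_1,edithidden,edituser,edituser_1,userip,userip_1,userface
	Dim isAdmin,changetime_1
	MsgID_1 = CheckStr(Request.form("MsgID"))
	editContent=CheckStr(request.form("Message"))
	editface=CheckStr(request.form("book_face"))
	username_1=trim(CheckStr(request.form("username")))
	If Trim(request.form("hiddenMsg"))="1" Then edithidden="1" Else edithidden="0"

	If MsgID_1=Empty Then 
		showmsg "错误信息","非法操作<br/><a href=""javascript:history.go(-1)"">单击返回</a>","WarningIcon","plugins" 
		Exit Function
	End If

	If IsInteger(MsgID_1)=False Then 
		showmsg "错误信息","非法操作<br/><a href=""javascript:history.go(-1)"">单击返回</a>","WarningIcon","plugins" 
		Exit Function
	End If

	isAdmin=(memName<>Empty And stat_Admin)

	Set edituser=Server.CreateObject("Adodb.Recordset")
	SQL="select * from blog_book where book_ID="&MsgID_1&""
	edituser.Open SQL,Conn,1,1

	If edituser.eof And edituser.bof Then
		edituser.Close
		Set edituser=Nothing
		showmsg "错误信息","留言不存在<br/><a href=""LoadMod.asp?plugins=GuestBookForPJBlog"">单击返回留言本</a>","MessageIcon","plugins" 
		Exit Function
	End If

	edituser_1=edituser("book_Messager")
	userip=edituser("book_IP")
	userface=edituser("book_face")
	' Minutes elapsed since the message was posted.
	changetime_1=Int(DateDiff("n",DateToStr(edituser("book_PostTime"),"Y-m-d H:I:S"),DateToStr(now,"Y-m-d H:I:S")))
	edituser.Close
	Set edituser=Nothing

	' Keep the stored face when none was submitted.
	If editface=empty Then
		editface=Replace(userface & "","'","''")
	End If

	If edituser_1=username_1 And stat_Admin Then
		editface="face"
	End If

	' An administrator's edit keeps the poster's stored IP; otherwise the editor's IP is recorded.
	If isAdmin Then
		userip_1=Replace(userip & "","'","''")
	Else
		userip_1=Replace(getIP() & "","'","''")
	End If

	' Non-administrators may edit only within the configured time window.
	If (CInt(GBSet.getKeyValue("canchange"))=1 And (Int(GBSet.getKeyValue("ChangeTime")) < changetime_1)) And Not isAdmin Then
		showmsg "错误信息","编辑留言有 " & GBSet.getKeyValue("ChangeTime") & " 分钟时间限制<br>目前超过 "& ztime(changetime_1 - GBSet.getKeyValue("ChangeTime")) &"<br><a href=""javascript:history.go(-1)"">单击返回</a>","WarningIcon","plugins"
		Exit Function
	End If

	' User editing switched off by the administrator.
	If CInt(GBSet.getKeyValue("canchange"))=0 And Not isAdmin Then
		showmsg "错误信息","管理员关闭了用户编辑留言功能<br>请不要越权操作!!!<br><a href=""javascript:history.go(-1)"">单击返回</a>","WarningIcon","plugins"
		Exit Function
	End If

	' Only an administrator or the logged-in member who posted the message may edit it.
	If Not (isAdmin Or (memName<>Empty And LCase(edituser_1 & "")=LCase(memName))) Then
		showmsg "错误信息","请不要非法提交信息<br/><a href=""javascript:history.go(-1)"">单击返回</a>","WarningIcon","plugins"
		Exit Function
	End If

	Conn.ExeCute("update blog_book Set book_face='"&editface&"',book_IP='"&userip_1&"',book_Content='"&EditContent&"',book_HiddenReply='"&edithidden&"',book_replyTime=#"&DateToStr(now(),"Y-m-d H:I:S")&"# where book_ID=" & MsgID_1)
	showmsg "回复信息","修改留言成功!<br/><a href=""LoadMod.asp?plugins=GuestBookForPJBlog"">单击返回留言本</a>","MessageIcon","plugins" 
End Function 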

Function reloadMsg
	' Rebuilds the application-level cache of the ten most recent messages.
	' Each entry is "id|,|poster|,|post time|,|content", entries are joined with "|$|", and
	' the split array is stored under Application(CookieName & "_blog_Message").
	' Hidden messages are cached with a fixed placeholder instead of their content.
	' NOTE(review): poster name and content are not escaped for the "|,|" and "|$|"
	' delimiters here, so text containing them would shift fields for whoever parses the cache.
	Dim rs,joined,entries,shownText
	Set rs=Conn.Execute("SELECT top 10 book_ID,book_Messager,book_PostTime,book_Content,book_HiddenReply FROM blog_book order by book_PostTime Desc")

	' TempVar holds the separator: empty before the first entry, "|$|" afterwards.
	TempVar=""
	Do Until rs.EOF
		If rs("book_HiddenReply") Then
			shownText="[隐藏留言]"
		Else
			shownText=rs("book_Content")
		End If
		joined=joined&TempVar&rs("book_ID")&"|,|"&rs("book_Messager")&"|,|"&rs("book_PostTime")&"|,|"&shownText
		TempVar="|$|"
		rs.MoveNext
	Loop
	Set rs=Nothing

	entries=Split(joined,"|$|")

	' Lock the Application object while the shared cache entry is replaced.
	Application.Lock
	Application(CookieName&"_blog_Message")=entries
	Application.UnLock
	EmptyEtag
End Function

Function ztime(ztime_1)
	' Formats a duration given in minutes as "<days>天<hours>小时<minutes>分钟".
	' Durations of more than 365 whole days return a fixed "more than a year" text.
	' The hour count is derived from the untruncated argument, as in the original.
	Dim wholeMinutes,dayCount,hourCount,minuteCount
	wholeMinutes=Int(ztime_1)
	dayCount=Int(wholeMinutes/60/24)

	If dayCount>365 Then
		ztime="超过一年了"
		Exit Function
	End If

	hourCount=Int((ztime_1-dayCount*60*24)/60)
	minuteCount=wholeMinutes-hourCount*60-dayCount*60*24
	ztime=dayCount & "天" & hourCount & "小时" & minuteCount & "分钟"
End Function 
%>